by r0t, der4444, cembo, VietMafia

Saturday, December 03, 2005

MyTemplateSite XSS vuln.

Vuln. discovered by: r0t
Date: 3 Dec. 2005
Vendor: http://www.infinetsoftware.com/products/mts/default.asp
Affected version: 1.2 and prior

Product Description:
Create your own template site with MyTemplateSite. MyTemplate site is an out-of-the-box, full featured template site solution. The software handles management, publishing, ordering, and secure downloading. Seamless PayPal/2Checkout integration.

Vuln. Description:
Input passed to the "q" parameter in "search.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


Solution:
Edit the source code to ensure that input is properly sanitised.
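
One way to apply this fix in a classic ASP page, shown as an added example: this is not MyTemplateSite's source code, and the page layout, the `HtmlEsc` helper, the 100-character limit and the `page` parameter are assumptions made for illustration. It encodes the "q" value for each place a search page typically reflects it.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: hypothetical search.asp fragment, not the vendor's code.

' Server.HTMLEncode escapes < > & and " but leaves ' untouched, so the
' single quote is escaped as well to stay safe in single-quoted attributes.
Function HtmlEsc(ByVal s)
    HtmlEsc = Replace(Server.HTMLEncode(s & ""), "'", "&#39;")
End Function

Dim q
q = Request.QueryString("q") & ""      ' coerce a missing parameter to ""
If Len(q) > 100 Then q = Left(q, 100)  ' assumed limit on what is reflected

' Vulnerable pattern described in the advisory (raw echo, do not use):
'   Response.Write "<p>Results for: " & Request.QueryString("q") & "</p>"
%>

<!-- HTML text context: encode on output -->
<p>Results for: <%= HtmlEsc(q) %></p>

<!-- Attribute context: encode and always quote the attribute value -->
<form action="search.asp" method="get">
  <input type="text" name="q" value="<%= HtmlEsc(q) %>">
  <input type="submit" value="Search">
</form>

<!-- URL context: URL-encode the value, then HTML-encode the whole attribute -->
<a href="<%= HtmlEsc("search.asp?q=" & Server.URLEncode(q) & "&page=2") %>">Next page</a>
```

Encoding is applied at the point of output and per context; the same value written into inline script or an unquoted attribute would need different handling and is best avoided.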

Copyright (c) 2006 Pridels Sec Crew